This article was originally posted to Microsoft’s Security blog.
The Azure security team is pleased to announce that the Azure Security Benchmark v1 (ASB) is now available. ASB is a collection of over 90 security best practices recommendations you can employ to increase the overall security and compliance of all your workloads in Azure.
The ASB controls are based on industry standards and best practices, such as Center for Internet Security (CIS). In addition, ASB preserves the value provided by industry standard control frameworks that have an on-premises focus and makes them more cloud centric. This enables you to apply standard security control frameworks to your Azure deployments and extend security governance practices to the cloud.
ASB v1 includes 11 security controls inspired by, and mapped to, the CIS 7.1 control framework. Over time we’ll add mappings to other frameworks, such as NIST.
ASB also makes it possible to improve the consistency of security documentation for all Azure services by creating a framework where all security recommendations for Azure services are represented in the same format, using the common ASB framework.
ASB includes the following controls:
- Network security
- Logging and monitoring
- Identity and access control
- Data protection
- Vulnerability management
- Inventory and asset management
- Secure configuration
- Malware defense
- Data recovery
- Incident response
- Penetration tests and red team exercises
Documentation for each of the controls contains mappings to industry standard benchmarks (such as CIS), details/rationale for the recommendations, and link(s) to configuration information that will enable the recommendation.
ASB is integrated with Azure Security Center allowing you to track, report, and assess your compliance against the benchmark by using the Security Center compliance dashboard. It has a tab like those you see below. In addition, the ASB impacts Secure Score in Azure Security Center for your subscriptions.
ASB is the foundation for future Azure service security baselines, which will provide a view of benchmark recommendations that are contextualized for each Azure service. This will make it easier for you to implement the ASB for the Azure services that you’re actually using. Also, keep an eye out our release of mappings to the NIST and other security frameworks.